ZyWALL User's Guide

ManualsBrandsZyXEL Communications ManualsNetwork Router100 Series

781

782

783

784

785

786

787

788

789

790

Appendix A Log Descriptions

ZyWALL USG 100/200 Series User’s Guide

782

System fatal error:

60011002.

The device failed to get the application patrol protocol list.

System fatal error:

60011003.

The device failed to initiate XML.

System fatal error:

60011004.

The device failed to turn application patrol off while the system was

initiating.

Table 289 IKE Logs

LOG MESSAGE DESCRIPTION

Peer has not announced

DPD capability

The remote IPSec router has not announced its dead peer detection

(DPD) capability to this device.

[COOKIE] Invalid

cookie, no sa found

Cannot find SA according to the cookie.

[DPD] No response from

peer. Using existing

Phase-1 SA in %u

seconds. Trying with

Phase-1 rekey.

The device’s DPD feature has not detected a response from the

remote IPSec router. %u is the retry time.

[HASH] : Tunnel [%s]

Phase 1 hash mismatch

%s is the tunnel name. When negotiating Phase-1, the exchange hash

did not match.

[HASH] : Tunnel [%s]

Phase 2 hash mismatch"

%s is the tunnel name. When negotiating Phase-2, the calculated quick

mode authentication hash did not match.

[ID] : Invalid ID

information

ID payload is not valid (in Phase-1 is local/peer ID, in Phase-2 is local/

remote policy).

[ID] : Tunnel [%s]

Local IP mismatch

%s is the tunnel name. When negotiating Phase-1, the local tunnel IP

did not match the My IP in VPN gateway.

[ID] : Tunnel [%s] My

IP mismatch

%s is the tunnel name. When negotiating Phase-1 and selecting

matched proposal, My IP Address could not be resolved.

[ID] : Tunnel [%s]

Phase 1 ID mismatch

%s is the tunnel name. When negotiating Phase-1, the peer ID did not

match.

[ID] : Tunnel [%s]

Phase 2 Local ID

mismatch

%s is the tunnel name. When negotiating Phase-2 and checking IPsec

SAs or the ID is IPv6 ID.

[ID] : Tunnel [%s]

Phase 2 Remote ID

mismatch

%s is the tunnel name. When negotiating Phase-2 and checking IPsec

SAs or the ID is IPv6 ID.

[ID] : Tunnel [%s]

Remote IP mismatch

%s is the tunnel name. When negotiating Phase-1, the peer tunnel IP

did not match the secure gateway address in VPN gateway.

[SA] : Malformed IPSec

SA proposal

When selecting a matched proposal, some protocol was given more

than once.

[SA] : No proposal

chosen

When selecting a matched proposal in phase-1 or phase-2, so

proposal was selected.

[SA] : Tunnel [%s]

Phase 1 authentication

algorithm mismatch

%s is the tunnel name. When negotiating Phase-1, the authentication

algorithm did not match.

Table 288 Application Patrol (continued)

MESSAGE EXPLANATION